From feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Sat, 3 Feb 2024 15:58:34 +0000
Subject: Remove GOST and STREEBOG support from libssl.

This version of GOST is old and not anywhere close to compliant with
modern GOST standards. It is also very intrusive in libssl and
makes a mess everywhere.  Efforts to entice a suitably minded anyone
to care about it have been unsuccessful.

At this point it is probably best to remove this, and if someone
ever showed up who truly needed a working version, it should be
a clean implementation from scratch, and have it use something
closer to the typical API in libcrypto so it would integrate less
painfully here.

This removes it from libssl in preparation for it's removal from
libcrypto with a future major bump

ok tb@
---
 src/lib/libssl/ssl_ciph.c | 107 +++-------------------------------------------
 1 file changed, 6 insertions(+), 101 deletions(-)

(limited to 'src/lib/libssl/ssl_ciph.c')

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index cea4d3e6f4..76a3840520 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.138 2024/01/04 20:02:10 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.139 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -212,10 +212,6 @@ static const SSL_CIPHER cipher_aliases[] = {
 		.name = SSL_TXT_ECDH,
 		.algorithm_mkey = SSL_kECDHE,
 	},
-	{
-		.name = SSL_TXT_kGOST,
-		.algorithm_mkey = SSL_kGOST,
-	},
 
 	/* server authentication aliases */
 	{
@@ -242,14 +238,6 @@ static const SSL_CIPHER cipher_aliases[] = {
 		.name = SSL_TXT_ECDSA,
 		.algorithm_auth = SSL_aECDSA,
 	},
-	{
-		.name = SSL_TXT_aGOST01,
-		.algorithm_auth = SSL_aGOST01,
-	},
-	{
-		.name = SSL_TXT_aGOST,
-		.algorithm_auth = SSL_aGOST01,
-	},
 
 	/* aliases combining key exchange and server authentication */
 	{
@@ -355,14 +343,6 @@ static const SSL_CIPHER cipher_aliases[] = {
 		.name = SSL_TXT_SHA,
 		.algorithm_mac = SSL_SHA1,
 	},
-	{
-		.name = SSL_TXT_GOST94,
-		.algorithm_mac = SSL_GOST94,
-	},
-	{
-		.name = SSL_TXT_GOST89MAC,
-		.algorithm_mac = SSL_GOST89MAC,
-	},
 	{
 		.name = SSL_TXT_SHA256,
 		.algorithm_mac = SSL_SHA256,
@@ -371,10 +351,6 @@ static const SSL_CIPHER cipher_aliases[] = {
 		.name = SSL_TXT_SHA384,
 		.algorithm_mac = SSL_SHA384,
 	},
-	{
-		.name = SSL_TXT_STREEBOG256,
-		.algorithm_mac = SSL_STREEBOG256,
-	},
 
 	/* protocol version aliases */
 	{
@@ -472,11 +448,6 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
 	case SSL_CAMELLIA256:
 		*enc = EVP_camellia_256_cbc();
 		break;
-#ifndef OPENSSL_NO_GOST
-	case SSL_eGOST2814789CNT:
-		*enc = EVP_gost2814789_cnt();
-		break;
-#endif
 	}
 
 	switch (ss->cipher->algorithm_mac) {
@@ -492,21 +463,11 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
 	case SSL_SHA384:
 		*md = EVP_sha384();
 		break;
-#ifndef OPENSSL_NO_GOST
-	case SSL_GOST89MAC:
-		*md = EVP_gost2814789imit();
-		break;
-	case SSL_GOST94:
-		*md = EVP_gostr341194();
-		break;
-	case SSL_STREEBOG256:
-		*md = EVP_streebog256();
-		break;
-#endif
 	}
 	if (*enc == NULL || *md == NULL)
 		return 0;
 
+	/* XXX remove these from ssl_cipher_get_evp? */
 	/*
 	 * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not
 	 * supported via EVP_CIPHER (they should be using EVP_AEAD instead).
@@ -515,18 +476,9 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
 		return 0;
 	if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE)
 		return 0;
-#ifndef OPENSSL_NO_GOST
-	/* XXX JFC. die in fire already */
-	if (ss->cipher->algorithm_mac == SSL_GOST89MAC) {
-		*mac_pkey_type = EVP_PKEY_GOSTIMIT;
-		*mac_secret_size = 32; /* XXX */
-	} else {
-#endif
-		*mac_pkey_type = EVP_PKEY_HMAC;
-		*mac_secret_size = EVP_MD_size(*md);
-#ifndef OPENSSL_NO_GOST
-	}
-#endif
+
+	*mac_pkey_type = EVP_PKEY_HMAC;
+	*mac_secret_size = EVP_MD_size(*md);
 	return 1;
 }
 
@@ -581,14 +533,6 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
 	case SSL_HANDSHAKE_MAC_DEFAULT:
 		*md = EVP_md5_sha1();
 		return 1;
-#ifndef OPENSSL_NO_GOST
-	case SSL_HANDSHAKE_MAC_GOST94:
-		*md = EVP_gostr341194();
-		return 1;
-	case SSL_HANDSHAKE_MAC_STREEBOG256:
-		*md = EVP_streebog256();
-		return 1;
-#endif
 	case SSL_HANDSHAKE_MAC_SHA256:
 		*md = EVP_sha256();
 		return 1;
@@ -641,6 +585,7 @@ ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
 	*head = curr;
 }
 
+/* XXX beck: remove this in a followon to removing GOST */
 static void
 ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
     unsigned long *enc, unsigned long *mac, unsigned long *ssl)
@@ -651,16 +596,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
 	*mac = 0;
 	*ssl = 0;
 
-	/*
-	 * Check for the availability of GOST 34.10 public/private key
-	 * algorithms. If they are not available disable the associated
-	 * authentication and key exchange algorithms.
-	 */
-#if defined(OPENSSL_NO_GOST) || !defined(EVP_PKEY_GOSTR01)
-	*auth |= SSL_aGOST01;
-	*mkey |= SSL_kGOST;
-#endif
-
 #ifdef SSL_FORBID_ENULL
 	*enc |= SSL_eNULL;
 #endif
@@ -1455,9 +1390,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_kECDHE:
 		kx = "ECDH";
 		break;
-	case SSL_kGOST:
-		kx = "GOST";
-		break;
 	case SSL_kTLS1_3:
 		kx = "TLSv1.3";
 		break;
@@ -1478,9 +1410,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_aECDSA:
 		au = "ECDSA";
 		break;
-	case SSL_aGOST01:
-		au = "GOST01";
-		break;
 	case SSL_aTLS1_3:
 		au = "TLSv1.3";
 		break;
@@ -1520,9 +1449,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_CHACHA20POLY1305:
 		enc = "ChaCha20-Poly1305";
 		break;
-	case SSL_eGOST2814789CNT:
-		enc = "GOST-28178-89-CNT";
-		break;
 	default:
 		enc = "unknown";
 		break;
@@ -1544,15 +1470,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_AEAD:
 		mac = "AEAD";
 		break;
-	case SSL_GOST94:
-		mac = "GOST94";
-		break;
-	case SSL_GOST89MAC:
-		mac = "GOST89IMIT";
-		break;
-	case SSL_STREEBOG256:
-		mac = "STREEBOG256";
-		break;
 	default:
 		mac = "unknown";
 		break;
@@ -1666,8 +1583,6 @@ SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
 		return NID_des_cbc;
 	case SSL_RC4:
 		return NID_rc4;
-	case SSL_eGOST2814789CNT:
-		return NID_gost89_cnt;
 	default:
 		return NID_undef;
 	}
@@ -1680,10 +1595,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
 	switch (c->algorithm_mac) {
 	case SSL_AEAD:
 		return NID_undef;
-	case SSL_GOST89MAC:
-		return NID_id_Gost28147_89_MAC;
-	case SSL_GOST94:
-		return NID_id_GostR3411_94;
 	case SSL_MD5:
 		return NID_md5;
 	case SSL_SHA1:
@@ -1692,8 +1603,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
 		return NID_sha256;
 	case SSL_SHA384:
 		return NID_sha384;
-	case SSL_STREEBOG256:
-		return NID_id_tc26_gost3411_2012_256;
 	default:
 		return NID_undef;
 	}
@@ -1708,8 +1617,6 @@ SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
 		return NID_kx_dhe;
 	case SSL_kECDHE:
 		return NID_kx_ecdhe;
-	case SSL_kGOST:
-		return NID_kx_gost;
 	case SSL_kRSA:
 		return NID_kx_rsa;
 	default:
@@ -1726,8 +1633,6 @@ SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
 		return NID_auth_null;
 	case SSL_aECDSA:
 		return NID_auth_ecdsa;
-	case SSL_aGOST01:
-		return NID_auth_gost01;
 	case SSL_aRSA:
 		return NID_auth_rsa;
 	default:
-- 
cgit v1.2.3-55-g6feb